On 07/18/11 15:56, Nico Williams wrote:
The problem is getting the required write access to the name service.  It
might be possible to get better behavior in some cases, but my bet is that
we couldn't get anywhere near 100%.  For instance, I'm pretty sure that
Oracle's internal NIS infrastructure is populated from some other database,
and that there's simply no way to write to it.

So you give the customer a hook for this, and let them do what they
have to to update NIS (or LDAP, or whatever).

Possibly, but mostly I consider the "let the customer cobble together their own solution" to be an answer for the 1980s, not for the 2000s.

However, it's worth noting that the fact that NT hashes need to be kept
secret already gives our security people heartburn, even in the very limited
way that we support them today (in an only-root-can-read file). Putting them
into a directory in a secure way would be ... tricky.

Are you sure that the issue isn't *how* you store them, rather than
*that* you store them?

It is my understanding that the mere fact of storing them was controversial. That review was before my time, and I don't find much relevant in the records.
cifs-discuss mailing list

Reply via email to